Overview: We are seeking an experienced and proactive Cybersecurity Governance, Risk, and Compliance (GRC) Specialist to support the cybersecurity roadmap, regulatory compliance initiatives, and policy localization for our operations in China. The ideal candidate will have a strong technical background in IT and cybersecurity, combined with practical experience in supporting Multi Level Protection Schema (MLPS - 等级保护) assessments and implementing data protection best practices. Fluency in both spoken and written English is essential due to frequent collaboration with global teams.
Key Responsibilities:

1. Governance:
   a. Develop, implement, and maintain cybersecurity policies, procedures, and standards tailored to local and international requirements.
   b. Localize global cybersecurity policies and standards to align with China’s regulatory and operational environment.
   c. Monitor the evolving China cybersecurity laws and regulations, perform necessary gap assessment and take lead on remediation actions.

2. Risk Management:
   a. Conduct risk assessments, identify vulnerabilities, and propose mitigations for IT and OT environments.
   b. Collaborate with stakeholders to address and resolve identified risks.
   c. Support the regional third-party risk management program to ensure vendor compliance with cybersecurity requirements.

3. Compliance:
   a. Lead and support China’s Multi Level Protection Schema (MLPS - 等级保护) evaluation process, ensuring timely certification in accordance with the local roadmap.
   b. Ensure compliance with China’s cybersecurity laws and regulations, including cross-border data transfer (CBDT) requirements.
   c. Stay updated on data protection best practices, including data classification and classification, to advise on and implement relevant policies.
   d. Support audits and certifications relevant to cybersecurity (e.g., Internal audit, ISO 27001).
   e. Handle necessary legal / regulatory mandatory (LRM) submissions.

4. User Awareness and Training:
   a. Promote cybersecurity awareness across the organization through localized training programs tailored for Chinese users.
   b. Ensure all employees understand and adhere to cybersecurity best practices and policies.
Qualifications:

Basic:
- Bachelor’s degree in Cybersecurity, Information Technology, or a related field.
- 5+ years of experience in cybersecurity, GRC, or IT risk governance roles.
- Practical experience supporting Multi Level Protection Schema (MLPS - 等级保护) evaluations.
- Strong understanding of cybersecurity management domains including but not limited to IAM, Data Protection, Network Security, Incident Response and Management, Secure Asset Management, etc.
- Familiarity with China’s cross-border data transfer (CBDT) laws and regulations.
- Fluency in English and Mandarin (spoken and written) is required, and Japanese/Korean is preferred.

Preferred:
- Professional certifications like CISSP, CISM, CRISC, or CISA.
- Experience working in multinational organizations or regulated industries.
- Familiarity with IT/OT security practices and industrial cybersecurity.
- Excellent collaboration and communication skills with a proactive mindset.